Wireless Network Security
Spring 2016
Patrick Tague
Class #21 – Telecom Security & Privacy
©2016 Patrick Tague

Source: mews.sv.cmu.edu/teaching/14814/s16/files/14814s16_21.pdf


Class #21
• Original security goals in mobile networks
• (Possible) future security goals in mobile networks
• Several open research areas

Let's talk about mobile networks

2G GSM/CDMA Architecture

[Figure: 2G GSM/CDMA architecture, adapted from M. Stepanov; http://www.gsm-security.net/. Blocks: Mobile Stations, Base Station Subsystem, Exchange System, Network Management, Subscriber and terminal equipment databases. Components: SIM, BTS, BSC, MSC, VLR, HLR, EIR, AUC, OMC.]

2G GSM Security
• Secure access
  – User authentication for billing and fraud prevention
  – Uses a challenge/response protocol based on a subscriber-specific authentication key (at HLR)
• Control and data signal confidentiality
  – Protect voice, data, and control (e.g., dialed telephone numbers) from eavesdropping via radio link encryption (key establishment is part of auth)
• Anonymity
  – Uses temporary identifiers (TMSI) instead of subscriber ID (IMSI) to prevent tracking users or identifying calls

3G Evolution
• The move from 2G to 3G primarily included:
  – Support for mobile data at (near-)broadband rates
    • UMTS, TD-CDMA, WCDMA, CDMA-3xRTT, TD-SCDMA, HSDPA, HSUPA, HSPA, HSPA+
  – Improved security protocols
    • Because everything in 2G was broken several ways

[Figure: image from VZW “CDMA Network Security” whitepaper]

3G Security Enhancement
• 3G security model builds on GSM
• Protection against active attacks
  – Integrity mechanisms to protect critical signaling
  – Enhanced (mutual) authentication w/ key freshness
• Enhanced encryption
  – Stronger (public) algorithm, longer keys
  – Encryption deeper into the network
• Core security – signaling protection
• Potential for secure global roaming (3GPP auth)

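Authentication & Key Gen.

[Figure: message flow between SIM/MS, MSC/VLR and HLR/AUC]
• MSC/VLR → HLR/AUC: Authentication Request
• AUC: 3G Auth Suite with inputs RAND, K, SQNhe; outputs XRES, CK, IK, AUTN
• HLR/AUC → MSC/VLR: {RAND, XRES, CK, IK, AUTN}
• MSC/VLR → MS/SIM: {RAND, AUTN}
• SIM: 3G Auth Suite with inputs RAND, K, SQNms, AUTN; outputs RES, CK, IK, AUTN check
• MS/SIM → MSC/VLR: RES, Auth FAIL, or SQN FAIL
• MSC/VLR: RES = XRES ?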
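The exchange on this slide, as an added Python example that is not part of the original lecture: the AUC builds {RAND, XRES, CK, IK, AUTN}, the SIM checks AUTN before answering with RES, Auth FAIL or SQN FAIL, and the VLR compares RES with XRES. HMAC-SHA256 stands in for the operator's 3G auth suite; the SQN acceptance window, the AK masking of SQN inside AUTN (part of 3GPP AKA but not shown on the slide) and all key values are assumptions or constructed.

```python
import hashlib, hmac, os

SQN_WINDOW = 32  # assumed acceptance window ahead of SQNms (not from the slides)

def f(k, tag, *parts):
    # Stand-in for the 3G auth suite (f1..f5); the real functions are operator-chosen, e.g. MILENAGE.
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def auc_vector(k, sqn_he):
    """AUC: derive {RAND, XRES, CK, IK, AUTN} from K and SQNhe."""
    rand, sqn = os.urandom(16), sqn_he.to_bytes(6, "big")
    autn = xor(sqn, f(k, b"f5", rand)[:6]) + f(k, b"f1", sqn, rand)[:8]  # (SQN xor AK) || MAC, AMF omitted
    return {"RAND": rand, "XRES": f(k, b"f2", rand)[:8], "CK": f(k, b"f3", rand)[:16],
            "IK": f(k, b"f4", rand)[:16], "AUTN": autn}

def usim_respond(k, sqn_ms, rand, autn):
    """SIM: check AUTN first; returns (status, payload, updated SQNms)."""
    sqn = xor(autn[:6], f(k, b"f5", rand)[:6])
    if not hmac.compare_digest(autn[6:], f(k, b"f1", sqn, rand)[:8]):
        return "Auth FAIL", None, sqn_ms          # sender does not hold K
    n = int.from_bytes(sqn, "big")
    if not sqn_ms < n <= sqn_ms + SQN_WINDOW:
        return "SQN FAIL", None, sqn_ms           # replayed or stale vector
    keys = {"RES": f(k, b"f2", rand)[:8], "CK": f(k, b"f3", rand)[:16], "IK": f(k, b"f4", rand)[:16]}
    return "RES", keys, n

def vlr_accepts(vector, res):
    """VLR: RES = XRES ?"""
    return hmac.compare_digest(vector["XRES"], res)

def demo():
    k, sqn_ms = os.urandom(16), 100               # constructed subscriber key and counter
    av = auc_vector(k, sqn_he=101)
    st1, keys, sqn_ms = usim_respond(k, sqn_ms, av["RAND"], av["AUTN"])
    ok = vlr_accepts(av, keys["RES"]) and keys["CK"] == av["CK"] and keys["IK"] == av["IK"]
    st2, _, sqn_ms = usim_respond(k, sqn_ms, av["RAND"], av["AUTN"])   # same {RAND, AUTN} again
    bad = auc_vector(os.urandom(16), sqn_he=102)                       # vector built without K
    st3, _, _ = usim_respond(k, sqn_ms, bad["RAND"], bad["AUTN"])
    return st1, ok, st2, st3

if __name__ == "__main__":
    print(demo())
```

The second and third results are the two properties the previous slide lists under enhanced authentication: SQN gives key freshness, and the MAC inside AUTN lets the SIM authenticate the network before it releases RES.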

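Enhanced Confidentiality

[Figure: sender and receiver each run f8 with key CK and inputs {COUNT, BEARER, DIR, LEN} to produce a Keystream; the sender applies the Keystream to the Plaintext to produce Ciphertext, and the receiver applies the same Keystream to recover the Plaintext]

• f8 is one mode of KASUMI, based on MISTY cipher
  – Externally reviewed (positively), published, broken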

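Enhanced Integrity

[Figure: the sender runs f9 with key IK over {COUNT, FRESH, DIR, LEN, MSG} to produce MAC-I and sends MSG, MAC-I; the receiver runs f9 with IK over the same inputs to produce XMAC-I and checks MAC-I = XMAC-I ?]

• f9 is another mode of KASUMI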
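The Enhanced Confidentiality and Enhanced Integrity slides, as one added Python example that is not part of the original lecture: f8 as a keystream XOR keyed by CK over {COUNT, BEARER, DIR, LEN}, and f9 as MAC-I keyed by IK over {COUNT, FRESH, DIR, LEN, MSG}. HMAC-SHA256 stands in for KASUMI, and the field packing, the receiver's rule of refusing an already accepted COUNT, and the key and message values are assumptions or constructed.

```python
import hashlib, hmac

def prf(key, label, fields, nbytes):
    # Stand-in generator; the real UMTS f8/f9 are KASUMI modes (not in the standard library).
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + fields + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:nbytes]

def pack(count, x, direction):
    # COUNT (32 bits) | BEARER or FRESH (x) | DIR (1 bit, stored in one byte here)
    return count.to_bytes(4, "big") + x + bytes([direction])

def f8(ck, count, bearer, direction, data):
    """Encrypt or decrypt: data XOR keystream(CK, COUNT, BEARER, DIR, LEN)."""
    ks = prf(ck, b"f8", pack(count, bytes([bearer]), direction), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def f9(ik, count, fresh, direction, msg):
    """MAC-I over {COUNT, FRESH, DIR, LEN, MSG}, truncated to 32 bits as in UMTS."""
    return prf(ik, b"f9", pack(count, fresh, direction) + len(msg).to_bytes(4, "big") + msg, 4)

class Receiver:
    """Checks MAC-I = XMAC-I and refuses a COUNT it has already accepted (assumed policy)."""
    def __init__(self, ik, fresh):
        self.ik, self.fresh, self.last = ik, fresh, -1

    def accept(self, count, direction, msg, mac_i):
        xmac_i = f9(self.ik, count, self.fresh, direction, msg)
        if count <= self.last or not hmac.compare_digest(mac_i, xmac_i):
            return False
        self.last = count
        return True

def demo():
    ck, ik, fresh = bytes(range(16)), bytes(range(16, 32)), b"\x01\x02\x03\x04"  # constructed values
    pt = b"LOCATION UPDATE ACCEPT"                                               # constructed message
    ct = f8(ck, 7, 1, 0, pt)
    rx, tag = Receiver(ik, fresh), f9(ik, 7, fresh, 0, pt)
    return (f8(ck, 7, 1, 0, ct) == pt,       # same inputs regenerate the keystream
            f8(ck, 7, 1, 1, pt) != ct,       # DIR separates uplink and downlink keystreams
            rx.accept(7, 0, pt, tag),        # genuine message
            rx.accept(7, 0, pt, tag),        # same COUNT presented again
            rx.accept(8, 0, pt + b"!", f9(ik, 8, fresh, 0, pt)))  # MSG changed after MAC-I was computed

if __name__ == "__main__":
    print(demo())
```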

Toward 4G
• 4G represents the next generation in cellular communication
  – ITU-R standard: 1Gbps fixed, 100Mbps @ 100kph
  – WiMAX Release 2, LTE-Advanced
• WiMAX and LTE are not really 4G
• Verizon, Sprint, AT&T use LTE; T-Mobile, AT&T use HSPA+
• Most provide ~20Mbps fixed

4G Security Issues
• All-IP network ==> all IP-based threats apply
• Verification of users
• Heterogeneous network access
  – User-preferred connection methods
  – Multiple available connections:
    • Attacker has more opportunity for exploit/attack
    • Device is exposed to attacks on each connection
      – Exploits based on driver code, comm protocols, transport / signaling, file-sharing, update, etc.
  – Complex management systems are required
• ?

Some other attacks on mobile networks

SMS Flooding ==> Voice DoS

[Figure: two channel sequences between BTS3 and mobile X]
• SMS delivery: Paging X (PCH) → X Reply (RACH, random access channel) → Ch. Assign (AGCH, access grant channel) → SMS delivery (SDCCH, standalone dedicated control channel)
• Voice call: Paging X (PCH) → X Reply (RACH, random access channel) → Ch. Assign (AGCH, access grant channel) → TCH Setup (SDCCH, standalone dedicated control channel) → Voice traffic (TCH, traffic channel)

• Voice & SMS Resources
  – TCH is not used for SMS
  – Both SMS and voice init. use RACH, AGCH, and SDCCH

SMS flooding also works as DoS against voice calls!

Rogue BTS
• An adversary can deploy a rogue BTS that spoofs / mimics a service provider to attract users
• Possible to launch a MitM attack on 2G/3G mobile connections
• Applies to GPRS, EDGE, UMTS, and HSPA capable devices (far easier for GPRS/EDGE devices)
• Cheap
• Difficult to detect, if done well

Setting up a Rogue BTS

[Perez & Pico, BlackHat 2011]

What's coming next is going to get a lot more interesting

Spectrum Management
• Most current mobile networks use multiple dedicated channels for voice, data, text, etc.

[Figure: two channel sequences between BTS and mobile X]
• SMS delivery: Paging X (PCH) → X Reply (RACH, random access channel) → Ch. Assign (AGCH, access grant channel) → SMS delivery (SDCCH, standalone dedicated control channel)
• Voice call: Paging X (PCH) → X Reply (RACH, random access channel) → Ch. Assign (AGCH, access grant channel) → TCH Setup (SDCCH, standalone dedicated control channel) → Voice traffic (TCH, traffic channel)

Spectrum Agility
• Base stations and handsets can learn how spectrum is being used, so they can find gaps that are available between used “channels”
  – This is the basic idea of cognitive and whitespace radio

How can radios coordinate to find available spectrum resources?

Opportunities for misbehavior? Cheating?

Risks of flexibility?

What if the core network disappears?

This will happen soon.

What if the access technology didn't matter?

This will change soon, too.

What if the access network became a compute platform?

Mobile fog computing

What if we incorporate computation into every element of the mobile network?

What if we allow network elements to collaborate and share info?

CROSSMobile: a radical agent-based approach to mobile networking that deeply integrates computing capabilities and proactive resource provisioning

Possibility of software agent computing in every network element

On-the-fly resource negotiation and allocation

Deeply integrated support for metered pricing, customized service, context-aware networking, etc.

CROSSMobile Network

CROSSMobile Network

Fully operational (FCC-licensed) mobile network based on open-source tools

What are the risks of broad (though controlled) information sharing and cooperation across devices, domains, layers, etc.?

Additional risk of software-defined everything?

Apr 21: Discuss final deliverables; Course wrap-up

Apr 26 & 28: Final presentations